Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://social.wildeboer.net/users/jwildeboer/statuses/114516287015424952">Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Saturday, 17-May-2025 10:23:59 JST</a><a href="https://social.wildeboer.net/@jwildeboer" title="jwildeboer@social.wildeboer.net"><img src="https://gnusocial.jp/avatar/2767-48-20250205224340.webp" width="48" height="48" alt="Jan Wildeboer 😷:krulorange:" style="position: absolute; left: 0; top: 0;">Jan Wildeboer 😷:krulorange:</a></section><article><p>I am totally sure (sarcasm included) that <a href="https://social.wildeboer.net/tags/Google" rel="tag">#Google</a> has totally overseen that their planned changes to their root program requirements will cause a lot of problems for mailserver owners like me who in future might run into weird problems with <a href="https://social.wildeboer.net/tags/Letsencrypt" rel="tag">#Letsencrypt</a> certificates for SMTP. I am sure that Google is absolutely not trying to make running your own mailserver even more complicated just to protect their gmail business. That would be totally not how Google thinks, amirite? <a href="https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/" rel="nofollow noreferrer">https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5065680#notice-9932190">In conversation</a><time datetime="2025-05-17T10:23:59+09:00" title="Saturday, 17-May-2025 10:23:59 JST">about a month ago</time> <span>from <span><a href="https://social.wildeboer.net/@jwildeboer/114516287015424952" rel="external" title="Sent from social.wildeboer.net via ActivityPub">social.wildeboer.net</a></span></span><a href="https://social.wildeboer.net/@jwildeboer/114516287015424952">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: letsencrypt.org</div><h5><a href="https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/">Ending TLS Client Authentication Certificate Support in 2026</a></h5><div></div></header><div>Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use Let’s Encrypt to secure websites won’t be affected and won’t need to take any action. However, if you use Let’s Encrypt certificates as client certificates to authenticate to a server, this change may impact you.
To minimize disruption, Let’s Encrypt will roll this change out in multiple stages, using ACME Profiles:</div><footer></footer></article></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/4639022">After this change is complete, only TLS Server Authentication will be available from Let’s Encrypt.This change is prompted by changes to Google Chrome’s root program requirements, which impose a June 2026 deadline to split TLS Client and Server Authentication into separate PKIs. Many uses of client authentication are better served by a private certificate authority, and so Let’s Encrypt is discontinuing support for TLS Client Authentication ahead of this deadline.</a></label><br><a href="https://cdn.masto.host/socialwildeboernet/media_attachments/files/114/516/285/604/835/823/original/ca265e09b0772f23.png" rel="external">https://cdn.masto.host/socialwildeboernet/media_attachments/files/114/516/285/604/835/823/original/ca265e09b0772f23.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Saturday, 17-May-2025 10:23:59 JST Jan Wildeboer 😷:krulorange:
I am totally sure (sarcasm included) that #Google has totally overseen that their planned changes to their root program requirements will cause a lot of problems for mailserver owners like me who in future might run into weird problems with #Letsencrypt certificates for SMTP. I am sure that Google is absolutely not trying to make running your own mailserver even more complicated just to protect their gmail business. That would be totally not how Google thinks, amirite? https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/
In conversationabout a month ago from social.wildeboer.netpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: letsencrypt.org
  Ending TLS Client Authentication Certificate Support in 2026
  Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use Let’s Encrypt to secure websites won’t be affected and won’t need to take any action. However, if you use Let’s Encrypt certificates as client certificates to authenticate to a server, this change may impact you. To minimize disruption, Let’s Encrypt will roll this change out in multiple stages, using ACME Profiles:
2. After this change is complete, only TLS Server Authentication will be available from Let’s Encrypt. This change is prompted by changes to Google Chrome’s root program requirements, which impose a June 2026 deadline to split TLS Client and Server Authentication into separate PKIs. Many uses of client authentication are better served by a private certificate authority, and so Let’s Encrypt is discontinuing support for TLS Client Authentication ahead of this deadline.
  https://cdn.masto.host/socialwildeboernet/media_attachments/files/114/516/285/604/835/823/original/ca265e09b0772f23.png

Public

Embed Notice

HTML Code

Corresponding Notice